<?php
include 'includes/application_top.inc';
print_r($_SESSION);
print_r($_REQUEST);

$myusername = $_REQUEST['login'];
$mypassword =  $_REQUEST['pass'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$mypassword = md5($mypassword);
$sql="SELECT * FROM users WHERE email='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("login");
session_register("pass"); 
header("location:login_success.php");
}
?>